November Scam of the Month: Mailbox Full Phishes

The Strongarm team has been seeing a new type of phishing attack in the wild. These “mailbox full phishes” target the inboxes of Office 365 and Google Apps for Business users and try to alarm recipients into clicking.

We’ve seen several people click on the email and have their passwords stolen. A number of targets have also forwarded these emails to their IT managers, asking why there is a quota on their mailbox. They are falling for the trick, which makes this a phishing attack with high click potential.

We see this all the time. Attackers change their lures, typically leaning on urgency or authority, to increase the number of people who click. Just this year we have gone from package delivery notices to invoices and now to mailbox quota phishes.

What the Mailbox Full Phishes Look Like

The mailbox full phishes come from senders that look as though they relate to your company or email provider (but upon closer inspection are fraudulent). They urge the target to click for an upgrade; after all, it’s free! Below is an example of this attack in the wild:

Who is Being Targeted

A wide variety of business users are being targeted, since a full mailbox would be a problem for just about any employee.

Tips for Businesses to Spot These Phishes

We recommend that you warn all of your users about phishes like these and encourage them not to click links they have not verified: hover over the link and check that the destination matches the sender’s real domain, and remember that a genuine storage warning from your mail provider does not ask you to enter your password to “upgrade”. When in doubt, they should contact your IT team to confirm the email is legitimate before clicking.
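The same checks can be automated at the mail gateway. The script below is an added example written for this post, not Strongarm’s code or tooling: it parses a raw message, flags a sender domain that imitates the company or its mail provider (a trusted-looking brand name embedded in the domain, or a typo-squat within two edits), flags quota lure wording, and flags links that point off the trusted domains. The trusted-domain list, the lure phrases and both sample messages are constructed for the example; tune them to your own environment.

```python
"""Screen incoming mail for mailbox-quota lures sent from lookalike domains."""
import re
from email import message_from_string
from email.utils import parseaddr

# Domains mail may legitimately arrive from (hypothetical for this example).
# Only the registrable domain is listed; subdomains of these are trusted too.
TRUSTED_DOMAINS = {"example.com", "microsoft.com", "google.com"}

# Wording these quota phishes lean on; an assumed starting list, not exhaustive.
QUOTA_PHRASES = ("mailbox is full", "mailbox full", "quota", "storage limit",
                 "upgrade your mailbox")

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)


def domain_of(address):
    """Lowercased domain part of an e-mail address ('' if there is none)."""
    return parseaddr(address)[1].rpartition("@")[2].lower()


def is_trusted(domain):
    """True for a trusted domain or any subdomain of one."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def edit_distance(a, b):
    """Levenshtein distance, used to catch typo-squats such as micros0ft.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None if it is
    trusted or bears no resemblance. Brand-substring matching is deliberately
    loose (microsoft-mailteam.com, secure-google-apps.net); expect to tune it."""
    if is_trusted(domain):
        return None
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]          # 'microsoft' from 'microsoft.com'
        if brand in domain or edit_distance(domain, trusted) <= 2:
            return trusted
    return None


def body_text(msg):
    """Concatenate the text/plain and text/html parts of a message."""
    chunks = []
    for part in msg.walk():                    # a non-multipart message yields itself
        if part.get_content_type() in ("text/plain", "text/html"):
            chunks.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    return "\n".join(chunks)


def analyze(raw):
    """Score one raw RFC 822 message. Two or more flags is treated as a phish so a
    legitimate quota reminder from IT (lure wording alone) does not trip it."""
    msg = message_from_string(raw)
    sender = domain_of(msg.get("From", ""))
    text = body_text(msg)
    flags = []
    imitated = lookalike_of(sender)
    if imitated:
        flags.append("sender %s imitates %s" % (sender, imitated))
    elif not is_trusted(sender):
        flags.append("sender %s is not a trusted domain" % sender)
    if any(p in text.lower() for p in QUOTA_PHRASES):
        flags.append("quota lure wording")
    for host in sorted(set(h.lower() for h in URL_RE.findall(text))):
        if not is_trusted(host):
            flags.append("link to untrusted host %s" % host)
    return {"sender": sender, "flags": flags, "phish": len(flags) >= 2}


# Constructed sample messages (not real captures).
PHISH = """\
From: "Microsoft Support" <support@microsoft-mailteam.com>
To: jane@example.com
Subject: Action required: your mailbox is full
Content-Type: text/html

<p>Your mailbox has exceeded its storage limit. Messages are being rejected.</p>
<p><a href="http://microsoft-mailteam.com/upgrade">Upgrade your mailbox for free</a></p>
"""

LEGIT = """\
From: "IT Helpdesk" <helpdesk@example.com>
To: jane@example.com
Subject: Mailbox quota reminder
Content-Type: text/plain

Your mailbox is at 90% of its quota. Archive old mail from within Outlook;
no link to click and no password needed. Help: https://intranet.example.com/help
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        result = analyze(raw)
        print(name, "->", "PHISH" if result["phish"] else "ok", result["flags"])
```

Run it on messages exported from the mail server (one RFC 822 file per message) and route anything scoring `phish` to quarantine or to the IT team for review; the two-flag threshold and the brand-substring rule are the knobs to adjust once you see your own false positives.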